Set up Web SSH Console in Ezeelogin and SSH via browser
The Web SSH Console is available within the GUI from Ezeelogin 7.4.1 and above only. This feature lets you SSH using a browser and does not need an SSH terminal.
1. Install the Node.js application on the Jumphost server.
On CentOS 7
yum install epel-release
yum install npm
On Ubuntu 16/18 and Debian 10
apt install npm
On Ubuntu 20/22
apt-get update
apt install npm
2. Install n, Node’s version manager:
If you are not using SSL, you need to set the repo to HTTP by running:
npm config set registry http://registry.npmjs.org/
npm install -g n
3. Install node by running:
To install the latest version:
n latest
To install a specific version:
n version.number
For example, the command below installs node 19:
n 19
Run the following command to install node without SSL:
n --insecure latest
To switch between node versions run the following command and refer to the given screenshot.
2. Ensure that the path to the node binary is specified correctly under Settings >> General >> Miscellaneous >> NodeJS Command. The Web SSH Port variable is configurable. Ensure that the port entered here is open for inbound traffic as well.
The NodeJS Command field should contain the path to the node or nodejs binary, which is usually /usr/bin/node on CentOS 7 and /usr/bin/nodejs on Ubuntu 14.04.
Ensure that inbound TCP traffic on port 52222 is open, as the nodejs server listens on this port. The commands 'which node', 'which nodejs', 'whereis nodejs' or 'whereis node' give you the path to the node binary. Run 'node -v' or 'nodejs -v' and ensure that the version of node to be used is above 8.0.0.
3. Make sure to enable two-factor authentication and install the SSL certificate as outlined below for the web shell icon to be visible.
4. Install the certificates for the Web SSH Console application to work. Generate a self-signed cert with the following command:
openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out /usr/local/etc/ezlogin/tls_cert.pem -keyout /usr/local/etc/ezlogin/tls_key.pem
Or put a valid cert and key in the files /usr/local/etc/ezlogin/tls_cert.pem and /usr/local/etc/ezlogin/tls_key.pem respectively. You can rename your current .crt / .key file to a .pem file.
Also, make sure that the .pem files are readable by the web server user, such as nobody/www-root/apache. An easy way to grant the web user read privileges is chmod 644 /usr/local/etc/ezlogin/*.pem. Restart the node process after replacing the certificates: run the command "pkill -9 node" to stop the node process, and it will be restarted when you click the "Open Web SSH console" icon in the Servers tab of the GUI.
You can use the OpenSSL s_client commands to test SSL connectivity if you get an SSL connectivity error for web ssh or the Ezeelogin GUI:
openssl s_client -connect bastion.eznoc.com:52222 -showcerts
openssl s_client -connect bastion.eznoc.com:443 -showcerts
5. Ensure that password authentication is enabled from the local host alone in the sshd configuration file (/etc/ssh/sshd_config) on the jump server. Add the following parameters to the END of the /etc/ssh/sshd_config file.
Match Address 127.0.0.1
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
6. Install the NodeJS module dependencies for the WebSSH Console Application.
cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/ && npm install
7. Ensure that the user or the user group has the privilege to access the web shell feature. Grant it as follows: Access Control -> UserGroup-Action -> <select user group> -> Servers -> web ssh Console
8. Click on the Web SSH Console feature under the Servers tab.
9. The web ssh console would open on the browser tab and will look as shown below.
- Ensure that the Node version is above 10 and the NPM version is >=5.
- Start the WebSSH Console node application manually to determine any errors.
DEBUG=* PORT=52222 node $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/index.js
- Install the Node modules required by the node application.
cd $(awk '/^system_folder/ {print $2}' /usr/local/etc/ezlogin/ez.conf)/application/external/webssh/ && npm install
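Step 5 confines password logins to connections coming from the jump server itself. The script below is an added example, not Ezeelogin's own code: it reads an sshd_config on stdin and checks that PasswordAuthentication is "no" globally and "yes" only under Match Address 127.0.0.1. The function names and both sample configs are constructed for illustration, and it assumes the global setting is meant to be "no".

```sh
# Added example (not Ezeelogin code): check where an sshd_config accepts passwords.
# password_auth prints the PasswordAuthentication value read from stdin.
# $1 = "global" (outside Match blocks) or "local" (Match Address 127.0.0.1).
password_auth() {
    awk -v scope="$1" '
        /^[ \t]*#/ || NF == 0 { next }                    # comments, blank lines
        { sub(/[ \t]*=[ \t]*/, " "); key = tolower($1) }  # accept key=value too
        key == "match" {
            # Assumption: only the plain form "Match Address <list>" with a
            # literal 127.0.0.1 entry is recognised (no CIDR, no extra criteria).
            block = "other"
            if (NF == 3 && tolower($2) == "address") {
                n = split($3, pats, ",")
                for (i = 1; i <= n; i++) if (pats[i] == "127.0.0.1") block = "local"
            }
            next
        }
        key == "passwordauthentication" {
            val = tolower($2)
            if (block == "" && glob == "") glob = val     # first value wins
            if (block == "local" && loc == "") loc = val
        }
        END {
            if (glob == "") glob = "yes"   # sshd default when the keyword is unset
            if (loc == "") loc = glob      # no override: localhost inherits global
            print (scope == "local" ? loc : glob)
        }'
}

# Exit 0 only when passwords are refused globally and accepted from 127.0.0.1.
check_webssh_sshd() {
    cfg=$(cat)
    g=$(printf '%s\n' "$cfg" | password_auth global)
    l=$(printf '%s\n' "$cfg" | password_auth local)
    echo "global=$g localhost=$l"
    [ "$g" = "no" ] && [ "$l" = "yes" ]
}

# Constructed sample configs (not taken from a real server).
GOOD_CFG='PasswordAuthentication no
Match Address 127.0.0.1
    PermitRootLogin yes
    PasswordAuthentication yes'
OPEN_CFG='#PasswordAuthentication no
Match Address 127.0.0.1
    PasswordAuthentication yes'
printf '%s\n' "$GOOD_CFG" | check_webssh_sshd && echo "OK: passwords limited to localhost"
printf '%s\n' "$OPEN_CFG" | check_webssh_sshd || echo "FAIL: passwords accepted from any address"
```

On a live jump server, run it as check_webssh_sshd < /etc/ssh/sshd_config; sshd -T -C user=root,host=localhost,addr=127.0.0.1 prints the effective values as sshd itself computes them.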